CyberSec.Space Logo
Back to CVE Browser

CVE-2010-5330

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score45.5120%
EPSS Percentile90.59th
PublishedJun 11, 2019
Last ModifiedNov 5, 2025

Vulnerability Description

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.

Affected Platforms (CPE)

πŸ’»
Ui

Airos

< 4.0.1
πŸ’»
Ui

Airos

>= 4.0.2 and < 5.3.5
πŸ’»
Ui

Airos

>= 5.3.6 and < 5.4.5

References & Advisories

πŸ”— https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974
πŸ”— https://www.exploit-db.com/exploits/14146
πŸ”— https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974
πŸ”— https://www.exploit-db.com/exploits/14146
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-5330

Related Vulnerabilities

CVE-2020-81719.8

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...

CVE-2015-92669.8

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthent...

CVE-2020-81688.8

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...

CVE-2020-81706.1

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...